Pricing
Case studies
Login
Start trial
The leading open source vulnerability database
Instantly mitigate vulnerabilities in WordPress websites with Patchstack.
See pricing
Rated 4.9
Total
38,024
Mitigations
Mitigation rules
13,899
No official fix
10,834
In triage
1,239
Published soon
37
Stats
WordPress stats
Search
Everything
Vulnerabilities
Priority
CVSS
0
10
Mitigation available
Exploited
Clear
Affected software | Vulnerability
Risk
Disclosed
Yoast SEO
<= 26.8
Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute vulnerability
6.5
1 hour ago
Events Listing Widget
<= 1.3.4
Authenticated (Author+) Stored Cross-Site Scripting via Event URL Field vulnerability
5.9
2 hours ago
Code Snippets
<= 3.9.4
Cross-Site Request Forgery to Cloud Snippet Download/Update Actions vulnerability
4.3
2 hours ago
Employee Directory
<= 1.2.1
Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute vulnerability
6.5
2 hours ago
Docus
<= 1.0.6
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
2 hours ago
WaveSurfer-WP
<= 2.8.3
Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute vulnerability
6.5
2 hours ago
Orange Comfort+ accessibility toolbar for WordPress
<= 0.7
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
6.5
2 hours ago
OAuth Single Sign On – SSO (OAuth Client)
<= 6.26.14
WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 6.26.14 - Missing Authorization vulnerability
5.3
2 hours ago
Timeline Block
<= 1.3.3
Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute vulnerability
4.3
2 hours ago
Product Enquiry for WooCommerce
< 3.1
Admin+ Stored XSS vulnerability
5.9
3 hours ago
Ultimate Maps by Supsystic
< 1.2.16
Admin+ Stored XSS vulnerability
5.9
4 hours ago
WP Customer Area
< 8.2.1
Subscriber+ Account Address Update vulnerability
5.4
4 hours ago
Post SMTP
< 2.8.7
Admin+ SQL Injection vulnerability
7.6
4 hours ago
EasyJobs
< 2.4.7
Subscriber+ Arbitrary Settings Update vulnerability
5.4
4 hours ago
CommentTweets
<= 0.6
Settings Update via CSRF vulnerability
4.3
5 hours ago
Keap Official Opt-in Forms
< 1.0.12
Admin+ Stored XSS vulnerability
5.9
5 hours ago
JSM file_get_contents() Shortcode
< 2.7.1
Contributor+ SSRF vulnerability
4.9
5 hours ago
WP All Import
< 3.7.3
Admin+ Arbitrary File Upload to RCE vulnerability
9.1
5 hours ago
Community by PeepSo
< 6.3.1.2
User Post Creation via CSRF vulnerability
4.3
5 hours ago
Hubbub Lite
< 1.32.0
Admin+ Stored XSS vulnerability
5.9
5 hours ago
Load more
